Hacker News new | past | comments | ask | show | jobs | submit | pytrin's comments login

> If an applicant takes the time to apply to your posting, why not give them a follow up regardless?

I'm not a hiring manager, but as the CTO I do review a lot of resumes incoming for technical positions we are hiring for.

The vast majority of applicants do not appear to be taking any time at all aside from selecting their resume to upload and clicking submit. It doesn't seem like they even read the job requirements, since 90% of them do not meet the minimal requirements we post. Some of them are not even developers, but they apply for a developer position.

If someone does appear to be relevant and did also include a cover letter relevant to the position, I will respond, regardless if they're a fit or not.

For me the biggest pain is the sheer amount of irrelevant submissions, which makes you numb after a while. This is why I don't believe in job postings anymore and mostly do headhunting.

Hope this helps!

When I submit my application, I generally get a confirmation email ("You have successfully applied"). Some companies say "If you don't hear back from us before two weeks, consider yourself rejected". That is good enough for me.

> since 90% of them do not meet the minimal requirements we post.

What minimal requirements are those? Most companies post a laundry list of every little framework and tool they're working with looking for the unicorn that already has years of experience in the same exact stack. Years of those types of posts have trained engineers to apply anyway, since most employers don't really care if you have every requirement on the list.

For example, we posted a job for a mid-level front end developer. We got a bunch of resumes from people who just finished a code bootcamp earlier this year, when we specified 3 years of front end development experience as the main requirement. Why does someone who finished a bootcamp 3 months ago and hasn't done any professional work yet thinks they should apply for a mid-level position, is beyond me.

Other candidates apply with 0 development experience - their resume frames them as "project managers" or "Search engine specialist" with no development related prior experience anywhere. I feel I wasted my time everytime I go through one of those.

Wouldn't it be pretty easy to send a standard email saying that the application was rejected? Maybe have 2-3 with different reasons, should fit nearly all cases. For the applicant it's still much nicer than hearing back nothing at all.

That requires one to spend time reading and thinking about whether someone falls under "can't write a coherent sentence", "not remotely qualified", and "this is a cv?!".

We would always give detailed feedback to everyone who came to interview, but candidates who fell far from the field didn't get more than the automated reply. Originally I tried responding to everyone, but it's a sucker's game. It isn't just the time spent replying in the first place, even if it only takes a moment, it's the replies asking "why do you think you're qualified to tell if I'm qualified", "here's my creative writing piece from 11th grade, for a developer position, read it please", "I'll sue you, fucker! I know my rights!", "ok I understand can you teach me to program?", "ok I understand, here's my startup idea, what do you think?".

All it takes is one candidate who responds irrationally to a rejection and your entire day, and attitude to other candidates, can be blown up.

So, just like there's a bar for an invite to interview, there's a bar for a positive rejection.

Yeah, Exactly. Each applicant is waiting forever to receive an update from their side regardless of what the end result is. It is so unfair from their side that they just stop replying on purpose.

I find it hard to believe that 90% of the resumes is that bad. To be honest, I have never been in a situation where I have to recruit people.

You are basically saying that you don't send a simple email because people don't send you a proper resume. However, by sending you a resume they have already put in a lot more effort than you do. It comes across as very arrogant when you don't even send an automated mail. I would even argue that it IS arrogant.

There is no way to automate it with the systems we worked with. We receive the resume through their interface, it doesn't go directly to our Email and doesn't share the contact details directly.

Honestly, if you'd seen the kind of resumes we received you would not think most candidates put any effort at all. Like another person said here, it looks like most of them are spamming all job listing on those sites.

> To be honest, I have never been in a situation where I have to recruit people.

I have (tho admittedly, not in the tech sector). But I can believe it.

What about software that auto emails/ calls / text everyone not the new hire? is that too much to ask spend? what if someone like monster.com sponsored the service?

Check out Lever (YC S12) if you want a tool to help with more of this: https://www.lever.co/hire

I'm one of our founders and CTO, and we individually contact every applicant to our jobs. Lever has the ability to respond via a general email address for your company or your own email, so you can choose the appropriate level of personalization per email template.

Thanks for the feedback.

When you do hire, how do you collect/manage your applicants?

We used to receive inbound from sites like Ziprecruiter and Indeed. Now I'm using the Stackoverflow Talent service to search for applicants that fit our requirements. I don't start conversations with more than 1 or 2 at the same time, so I don't really need an additional tool to manage them.


When you get to a certain size, if you've got the right culture, referrals will be a huge stream of applicants. For me, about 80% of our candidates are referrals.

I view referral rates as a trailing indicator of culture — if you enjoy working at company X, you'll refer your friends to work there, too. If you hate it or don't believe in its prospects, you won't.

I thought so too - we recruited heavily this way.

There is however the ever present law of unintended consequences.

Referrals are often friends. People like working with their friends. Whoops, a clique forms. Whoops, the leader of the clique has decided that the clique is going on strike unless the leader is given a promotion and a raise, and the entire clique will quit if you don't. While you're mulling this over the clique explodes as it turns out the leader's lieutenant has been shagging the same married clique member as the leader.

You can't fire them without cause, you can't chasten them for how they conduct their personal lives, you can only hold your head in yourself if hands as you watch politics tear chunks from your business like coursing hounds.

So, referrals are good but I learned the hard way that one shouldn't rely on it - it leads to confusion over whose damn company it is.

Does this support wildcard subdomains? If not, would you be willing to add such support?

This uses LetsEncrypt which doesn't support wildcard certificates yet:

> Will Let’s Encrypt issue wildcard certificates?

> We currently have no plans to do so, but it is a possibility in the future. Hopefully wildcards aren’t necessary for the vast majority of our potential subscribers because it should be easy to get and manage certificates for all subdomains.

From https://community.letsencrypt.org/t/frequently-asked-questio...

Unfortunately, that doesn't work with dynamic subdomains (i.e, domains assigned and edited by users). Hopefully they'll change their minds in the future - until then, I'll be paying for a commercial certificate

You could always script the letsencrypt API and generate a new certificate on each subdomain generation.

That's correct, however there are rather aggressive rate limits in place right now that would make this hard for your typical SaaS-on-a-subdomain deployment if you have more than ~5 new signups per week. Plus, if SAN support is a concern, wildcards are preferable too.

The rate limits[1] I see documented are 500 registrations per 3 hours. That's a lot more than ~5 new signups per week. More like ~16800 new signups per week, no?

[1] https://community.letsencrypt.org/t/rate-limits-for-lets-enc...

Certificates/Domain is the one that would affect this use-case the most. It's set to 5 certificates per domain per week. More specifically, it's certificates per TLD+1, so one certificate for customer1.example.com and one for customer2.example.com would put your rate limit for example.com at 2, thus limiting you to 5 signups per week unless you spread your SaaS over multiple TLD+1's.

Wildcards are important and LE should support them, but it will take perhaps some more work on the validation rules. Dynamic subdomains are powerful stuff, and even a real-time automated cert request is a poor substitute for just having the wildcard. If you're doing sub-domain per customer, the wildcard cert is definitely preferred particularly if you're proper multi-tenant all the way down the stack.

Ah, I didn't catch that this limit was applied to the TLD+1.

Weird, why allow a generous 500 registrations per 3 hours, while limiting certs per domain like this? Anyone have a link to anywhere that letsencrypt explains what they are trying to do here?

Registrations don't cause a lot of load. They're essentially just one row in a table.

Certificates have to be signed by a Hardware Security Module with limited capacity. OCSP messages have to be signed every couple of days for the lifetime of a cert by the same HSM. This is significantly harder (and more expensive) to scale.

How do they define a TLD? What's, for example, .co.uk to them?

They use the Public Suffix List[1].

[1]: https://publicsuffix.org/

Hmm, are you sure they do? Including the "PRIVATE" section? Any docs from them saying this, and clarifying whether this includes the PRIVATE section?

Because if so, that would seem to make the certs-per-domain limits not so much of a problem. If you own example.com, and have customers using sub-domains at a.example.com, b.example.com, etc -- that would seem to make example.com suitable for inclusion on the "PRIVATE" section of the list.


"owners of privately-registered domains who themselves issue subdomains to mutually-untrusting parties may wish to be added to the PRIVATE section of the list... Requests for changes to the PRIVATE section must come from the domain owner."


And indeed there are a few dozen random .com, .net, etc domains in the PRIVATE section. For instance `github.io` is listed there.

If that's the way for SaaS providers to get free certs from letsencrypt for their customers at customername.provider.com, I'd expect to see the listings in the PRIVATE section skyrocket.

Yes, private suffixes are included. It has already caused a spike in new PSL submissions[1].

You're right about this being rather easy to bypass, but the main goal is probably not to mitigate against abuse but rather prevent buggy automation scripts stuck in some kind of infinite loop from DDoSing them.

[1]: https://community.letsencrypt.org/t/dyndns-no-ip-managed-dns...

A TLD. They define domain as anything the average user can purchase.

Oh that's a bummer, I was just looking into using this for a free service I made a while ago. Hopefully they'll bake in support at some point

Note that that's the current limits, but they have stated that they plan to raise them greatly in the future

5 certs per domain name per week. I'm currently rate limited, I should be able to get my www covered in 6 days.

i almost went down this route, then realized I could avoid all this R&D and just pay $40 for a wildcard cert.

$40? I paid over $90 for mine. Can I ask where you got it from?


Here's where I got mine, works great.

Nice! Bookmarked for next renewal. Thanks!

StartSSL do wildcards for $30/yr (minimum 2 years).

And here you can pay by bitcoins https://hostigation.com/?page=SSL

as mfkp said, that's where I got mine too.

Important though, for compatability with firefox and some other browsers, you'll need to copy the intermediate cert to the end of the cert file. it works fine with 2 certs in the file, just put the intermediate at the end.

Having only a half a dozen subdomains, with maybe another half a dozen being added per year (well below the limits), are there any advantages to using a wildcard cert VS individual certs for the subdomains? In other words, any way to justify the extra $30/year for a wildcard cert?

If you're thinking you're going to use LE, they're rate limits which make individual certs for sub domains unreasonable

The real problem is that most officers have such minimal training and conditioning in hand-to-hand combat combat (specifically, grappling), and as a result they panic and shoot-to-kill much more often than they should, or use excessive force to control a suspect also resulting in unnecessary deaths.

Instead of passing stupid legislation (anyone who's used firearms extensively knows aiming for limbs is not realistic, you have to aim for center-mass), they should work on improving ongoing officer training and conditioning so that officers would feel much more comfortable controlling a suspect without killing them.

Why would a police officer ever risk his own life by engaging in hand-to-hand combat? If a situation arises that calls for hand-to-hand combat, then the police officer should probably either use a taser or gun right?

I've been training in a grappling sport (BJJ) for over 9 years. The advantage a trained person has over an untrained one is massive. Even someone who has been training a few months could easily handle an untrained person without anyone getting hurt.

You can see hundreds of videos out there of police shooting people without apparent just cause - just because they "felt threatened". If they had the confidence they could deal with a physical confrontation if needed, I'm certain the amount of unnecessary shootings would decrease significantly.

Would you risk your life by confronting an aggressive person in hand-to-hand combat if you had no knowledge whether he had a knife or gun on him?

Binpress, Remote or onsite in Mountain View, CA

We are building a monetization platform for open-source, through dual-licensing and customization / integration services. We are a 10 person team, funded and generating revenue.

We are looking for help with marketing, content and community. You must have experience with software development, either in a technical or managerial role, and a strong understanding of the software development cycle. Compensation is market competitive + equity depending on background and experience.

If this sounds interesting, please get in touch at http://www.binpress.com/jobs/positions

The article is technically well written, but somewhat uninformed which stems from the author's limited experience and what he sees in popular media.

I thought the top comment below reflected what I have seen in my 10 years in the industry, much better:

" This is a very well written piece, but it's only covering the frothy tip of a very deep phenomenon. I too am a Rails developer, have been coding professionally for 15 some odd years, and I too find what VCs are chasing nowadays to be mostly time wasting crap. But that's not what software, even web software, is really about right now. It's just the glam side of the game.

The real folks making real things happen are building tools and technologies that literally could not have existed 10 years ago. In my personal experience, I've built integrated web portals that show real-time electricity usage for factories, saving them 10-50 grand a month by lowering usage during peak hours. I've built sales management tools that allowed a 2 man company to scale to a distributed team of dozens. Online rental advertising systems to cut out costly newspapers. Medical order management systems.

It's not glamorous, it doesn't get on TechCrunch or Hacker News, but it's real value, delivered by real professionals. And that, more than the stupid photo sharing cruft, is what's really driving developer salaries.

During the late 90's, the joke/threat was "go away or I will replace you with a very small shell script" - the point being that lots of human work could be automated by a savvy developer. That threat has become a promise, and we (costly) web developers are the ones fulfilling that promise across a huge range of industries." - Rob Morris

I remember reading this article when it first came out - it's biting and does a good job criticizing things that probably deserve some criticism.

But, I agree with that top comment - the real value from coders come from solving real problems people have. One non-profit near me said to me once: "We spend so much staff time entering data into our CRM software from the forms our clients fill out. We wish our staff could spend more time helping the clients."

And this is a great (and easy) problem for technology to solve. Solving problems like this is where technology is great, it simplifies life, it reduces unneeded work, etc. And often, it's actually, in my opinion, more fun than the 'glamorous stuff'.

> And often, it's actually, in my opinion, more fun than the 'glamorous stuff'.

Can't agree more with you. When I look for a job, I look to work at places solving difficult or complex problems that can create real value, and more often than not that's not at the next photo-sharing-social-site, although once those places get to scale cool tech does get created. I just love working in this industry full stop, and wouldn't trade it for the world!

Wow that quote is totally spot on.

It's interesting, because I am experiencing this first hand. I just started an internship working inside a large DOE facility, PNNL. The team I'm working on just makes sites for other large projects, sites to allow scientists and researchers to communicate with each other, share data, manage content, etc. It's very much not sexy work. But it's work that keeps thousands of others productive. So that quote really hits close to home.

Devs getting paid well is nothing new. If you look at enterprise apps, we're making good money, but not more (or much more) than 10-15 years ago. Salaries have been pretty stagnant just like the rest of the middle class. The 21 yr old with 6 month experience making 100k. That is a newer development I think. Bubble.

It's the only thing we're waiting on to switch to Balanced. We talked to you guys before about that (my co-founder, Adam, from Binpress) and it seemed to be progressing but then it stalled. Looking forward to May 22

Awesome. :) Please note that that date is an 'expected launch.' Things are progressing nicely, but that's not a hard date. But soon!

Firebug gives you the option to toggle all pseudo states for an element and edit its CSS. IMO Firebug and Chrome's dev tools still lag behind Firebug's.

This might be Nightly only. But in the Inspector pane of the Firefox dev tools you can right-click elements to set their focus/active/hover states. Doing so will also update the pane to the right showing any state specific rules that now applies.

You're confusing "free" in pricing with "free" in freedom. A free trial creates a completely different type of community than free and open code. GitHub could have just provided a closed binary for free if they wanted to go the Sublime route.

I'm pretty sure he's not confusing anything

You are correct. Besides, raising x amount of money at y valuation, doesn't mean the company as a whole is worth y. Investors typically get preferred stock, which are worth more. Marc Andreessen had a nice tweet chain about that exact topic yesterday, ending with this one - https://twitter.com/pmarca/status/457017580385873921

Some context needed - who is the target audience? investors? potential hires? users? I would make some modifications to accommodate each. I think the product concept translates well and is easy to understand. Since you focus most of the pitch on it, it seems like a pitch for users.

If you're pitching to investors, a few things need to be sharpened / clarified -

* You say "0 marketing spend" - which most investors will call bullshit on that. Typically, what you really mean is that you spent nothing on ads. Unless you consider your time as worthless, you probably spent quite a bit on marketing. Even if you have the most viral product in the world, you need to kickstart it until it reaches critical mass. Investors want to know that you've given some thought on how to scale that operation (and not that you'll spend 0 on marketing going forward).

* Regarding marketing, you briefly mention that user acquisition is built into the product. You need to elaborate a little bit on that, cause right now it's not clear how that is the case.

* Dates on the x-axis of the user growth graph would be helpful. Did that growth happen mostly after the public launch or during the closed beta? most people would assume the latter unless you tell them otherwise.

* At the end you briefly group together your recruiting needs and fundraising goals. Depending on the audience, I would focus on one. If fundraising interest is the goal of the pitch, put a dedicated slide on that, and move the hiring part to a footnote on the team slide. If it's the reverse, do the opposite.

* I would make the contact details at the end way larger, and move it higher. In addition, it's always good practice to put the name of the company, a tagline and basic contact details in the header of every slide - for people who lost concentration, or want to put a note for themselves before you reach the last slide. Btw, it should be in header and not the footer, because sometimes people's heads obscure the bottom of the deck during presentations (depending on how the seats are arranged). That is also why you should move the contact details at the end higher, just in case.

* Again, investor audience only - add a slide about the market / opportunity size. Especially if you're aiming for a series A round, which typically means venture capital.

Hope this helps!

Wow! Thank you so much! So many good points.

Regarding "$0 marketing spend" is yes $0 dollars on ads. We spent a bit money on making a promo video and business cards and so on. Investors where asking this question :)

Really helpful. Dragged this feedback to my "Feedback" folder :) http://dragd.is/WTSR2

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact